doveadm pw is used to generate password hashes for different password schemes and
optionally verify the generated hash.

All generated password hashes have a {scheme} prefix, for example
{SHA512-CRYPT.HEX}. All passdbs have a default scheme for passwords stored without the
{scheme} prefix. The default scheme can be overridden by storing the password with the
scheme prefix.

Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the
userdb with the given value. In order to override multiple settings, the -o option
may be specified multiple times.

-v

Enables verbosity, including progress counter.

Command specific options:

-l

List all supported password schemes and exit successfully.
There are up to three optional password schemes: BLF-CRYPT (Blowfish crypt),
SHA256-CRYPT and SHA512-CRYPT. Their availability depends on the system's
currently used libc.

-p password

The plain text password for which the hash should be generated. If no password
was given doveadm(1) will prompt interactively for one.

-r rounds

The password schemes BLF-CRYPT, SHA256-CRYPT and SHA512-CRYPT
supports a variable number of encryption rounds. The following table shows the
minimum/maximum number of encryption rounds per scheme. When the -r option was
omitted the default number of encryption rounds will be applied.

The password scheme which should be used to generate the hashed password. By default the
CRAM-MD5 scheme will be used. It is also possible to append an encoding suffix
to the scheme. Supported encoding suffixes are: .b64, .base64 and
.hex.
See also http://wiki2.dovecot.org/Authentication/PasswordSchemes
for more details about password schemes.

-t hash

Test if the given password hash matches a given plain text password. You should enclose
the password hash in single quotes, if it contains one or more dollar signs ($). The
plain text password may be passed using the -p option. When no password was specified,
doveadm(1) will prompt interactively for one.